Cyber issues are seldom out of the news, from ransomware attacks and espionage to non-malicious outages that cause widespread concern. Organizations need to protect themselves against both current and future risks and...more
12/16/2024
/ Artificial Intelligence ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Incident Response Plans ,
Information Technology ,
Machine Learning ,
Ransomware ,
Risk Assessment ,
Risk Management
Companies deploying high-risk artificial intelligence (AI) systems must prepare to conduct Fundamental Rights Impact Assessment (FRIA) by 2 August 2026. In this edition of our “Zooming in on AI” series we explain what this...more
As part of our Cybersecurity Awareness Month program of events, we hosted our inaugural Cybersecurity Forum on October 1 at our London office and online.
Compèred by Ffion Flockhart, global head of cybersecurity, the day’s...more
11/27/2024
/ Acquisitions ,
Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Controller ,
EU ,
Incident Response Plans ,
Mergers ,
Personal Data ,
Privacy Laws ,
Ransomware ,
Risk Mitigation ,
UK
When the AI Act was first proposed by the European Commission in 2021, the concept of “general purpose AI” was nowhere to be found. These rules were introduced during the legislative process to align the AI Act to the...more
On October 17, 2024, the DPA of Baden-Wuerttemberg (LfDI) updated its discussion paper on the legal bases for processing personal data in relation to artificial intelligence (AI) (the Paper). The Paper emphasises the...more
The EU Artificial Intelligence Act (“AI Act”) exemplifies a highly advanced risk-based approach to European regulation. One of its distinguishing features is the detailed classification of various risk levels associated with...more
11/12/2024
/ Artificial Intelligence ,
Digital Services ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology Sector ,
Transparency
During an investigation, it is not uncommon to discover that an individual has forwarded business emails to their private email address. This ruling from the Higher Regional Court Munich shows the potential implications of...more
11/4/2024
/ Board of Directors ,
Confidential Information ,
Corporate Governance ,
Corporate Misconduct ,
Email ,
Email Policies ,
General Data Protection Regulation (GDPR) ,
Germany ,
Internal Investigations ,
Personal Information ,
Sensitive Business Information ,
Termination ,
White Collar Crimes
Companies deploying high-risk artificial intelligence (AI) systems must prepare to navigate a complex landscape of new obligations by August 2, 2026. In this post we explain the key obligations for providers and deployers of...more
10/30/2024
/ Artificial Intelligence ,
Automated Systems ,
Data Protection ,
Distributors ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Importers ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Technology Sector ,
Transparency
AI-driven technology has emerged as a cornerstone of our present and future daily lives, revolutionising the way transactions and interactions are organised.
With the increased use of AI systems, there is also an...more
10/22/2024
/ Artificial Intelligence ,
Corporate Governance ,
Data Protection ,
EU ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Stakeholder Engagement ,
Technology Sector
This is the final note in a three-part series on the regulation of artificial intelligence in the financial services sector in the United States, the European Union and the United Kingdom. Our first note, we provided a...more
10/21/2024
/ Artificial Intelligence ,
Consumer Protection Laws ,
Data Protection ,
Enforcement Actions ,
EU ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Legislative Agendas ,
Liability ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
UK ,
United States
Rapid and accelerating developments in artificial intelligence have prompted governments around the world to consider how AI should be regulated and used responsibly by businesses, without stifling innovation.
This is...more
10/17/2024
/ Artificial Intelligence ,
Capital Markets ,
Data Protection ,
EU ,
Financial Conduct Authority (FCA) ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Innovative Technology ,
Intellectual Property Protection ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Technology Sector ,
UK ,
White Collar Crimes
Many governments are grappling with the question of how to regulate artificial intelligence to ensure it is adopted safely and used responsibly without hampering innovation. Governments have generally indicated similar...more
10/8/2024
/ Artificial Intelligence ,
Bank of England ,
Bergdorf Goodman ,
Data Collection ,
Data Processors ,
Data Selling ,
Documentation ,
EU ,
European Banking Authority (EBA) ,
European Securities and Markets Authority (ESMA) ,
Financial Conduct Authority (FCA) ,
Financial Industry Regulatory Authority (FINRA) ,
Financial Institutions ,
Financial Services Industry ,
Information Governance ,
Machine Learning ,
MiFID II ,
Personal Data ,
Popular ,
Privacy Laws ,
Prudential Regulation Authority (PRA) ,
Regulatory Agenda ,
Regulatory Standards ,
Risk Management ,
Third-Party ,
Training ,
Transparency ,
UK
One of the key aspects of the EU AI Act (“AI Act”)[1] is linked to the qualification of providers and deployers and the nuances which help distinguish between the two categories of stakeholders. What would this mean in...more
The Digital Operational Resilience Act EU 2022/2554 (DORA) constitutes a groundbreaking EU regulation designed to establish a unified framework for bolstering cybersecurity and operational resilience within the financial...more
9/10/2024
/ Banking Sector ,
Compliance ,
EU ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
Investment Management ,
Legislative Agendas ,
New Legislation ,
Policies and Procedures ,
Regulatory Agenda ,
Regulatory Requirements
The Artificial Intelligence Act (AI Act) entered into force on 1 August 2024 and is the world's first comprehensive legal framework for AI regulation. As companies start incorporating AI tools into their business, products...more
On 25 July 2024, the EU Commission published its second report on the application of the GDPR (the ‘Second Report’), following its first report published in 2020....more
EU Regulation 2024/1689, also known as the Artificial Intelligence Act (AI Act), enters into force as of 1 August 2024. But when will it become applicable?
The AI Act sets out a harmonized legal framework for the...more
8/5/2024
/ Artificial Intelligence ,
Compliance ,
Corporate Governance ,
Data Protection ,
EU ,
Innovative Technology ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
On 12 July, 2024, the Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (the ‘EU AI Act’) was published in the official Journal of the European Union. The EU AI Act aims to establish a...more
7/25/2024
/ Artificial Intelligence ,
Data Privacy ,
Data Protection ,
Enforcement ,
EU ,
European Commission ,
Innovative Technology ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
On June 20, 2024, the Court of Justice of the European Union (‘CJEU’) issued its judgment in two joined cases C-182/22 and C-189/22, Scalable Capital, on the right to compensation for non-material damages under Article 82(1)...more
With Parliamentary elections and a series of national votes in 2024, the EU is entering a pivotal period in its history. In this study, ‘Global business in a changing Europe’, we speak to corporate leaders across the world to...more
3/22/2024
/ Acquisitions ,
Artificial Intelligence ,
Asset Management ,
Capital Markets ,
Competition ,
Corporate Governance ,
Energy Sector ,
Environmental Social & Governance (ESG) ,
EU ,
European Commission ,
Global Market ,
Greenhouse Gas Emissions ,
Investment ,
Investment Management ,
Investors ,
Merger Controls ,
Mergers ,
Net Zero ,
Regulatory Agenda ,
Risk Management ,
Sustainability
Alongside the recent CJEU judgment on automated decision making in Schufa (see the Allen & Overy blog ) there are a range of developments related to ADM in other jurisdictions.
UK developments -
The UK Parliament is...more
On 7 December 2023, the Court of Justice of the European Union (CJEU) issued a landmark judgment on Article 22 of the General Data Protection Regulation (GDPR), focused on decision making based solely on automated processing...more
In joined Cases C‑26/22 and C‑64/22, related to the German Credit Reference Agency Schufa (see A&O blog on the automated decision making case), the CJEU considered the retention of personal data regarding individuals who had...more
On 10 July 2023, the European Commission adopted the adequacy decision for the EU-U.S. Data Privacy Framework (DPF). This decision enables the free flow of personal data from the EU and three EEA countries (Iceland,...more
In the five years since the European Union’s General Data Protection Regulation came into force, what have been the main learnings for business, and what will the future hold?...more